PT-2026-8329 · WordPress+1 · Mattermost Plugin Zoom+1
Daw10
·
Publicado
2026-02-16
·
Atualizado
2026-03-03
·
CVE-2026-0998
CVSS v3.1
4.3
Média
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Mattermost versions 11.1.x through 11.1.2
Mattermost versions 10.11.x through 10.11.9
Mattermost versions 11.2.x through 11.2.1
Mattermost Plugin Zoom versions through 1.11.0
Description
The software does not properly validate user identity and post ownership. This allows unauthorized users to initiate Zoom meetings as any user and modify posts through direct API calls with manipulated user IDs and post data. The issue affects the
/api/v1/askPMI endpoint. The user id and post data are vulnerable parameters used in the API calls.Recommendations
Update Mattermost to a version later than 11.1.2.
Update Mattermost to a version later than 10.11.9.
Update Mattermost to a version later than 11.2.1.
Update Mattermost Plugin Zoom to a version later than 1.11.0.
Correção
Missing Authorization
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Mattermost
Mattermost Plugin Zoom